Ch19

Silberschatz, Galvin and Gagne 200219.1Operating System Concepts

Module 19: Security

� The Security Problem� Authentication� Program Threats� System Threats� Securing Systems� Intrusion Detection� Encryption� Windows NT

The Security Problem

� Security must consider external environment of thesystem, and protect it from:

✦ unauthorized access.

✦ malicious modification or destruction

✦ accidental introduction of inconsistency.

� Easier to protect against accidental than maliciousmisuse.

Authentication

� User identity most often established through passwords,can be considered a special case of either keys orcapabilities.

� Passwords must be kept secret.✦ Frequent change of passwords.

✦ Use of “non-guessable” passwords.✦ Log all invalid access attempts.

� Passwords may also either be encrypted or allowed to beused only once.

Program Threats

� Trojan Horse✦ Code segment that misuses its environment.✦ Exploits mechanisms for allowing programs written by users

to be executed by other users.

� Trap Door✦ Specific user identifier or password that circumvents normal

security procedures.✦ Could be included in a compiler.

� Stack and Buffer Overflow✦ Exploits a bug in a program (overflow either the stack or

memory buffers.)

System Threats

� Worms – use spawn mechanism; standalone program

� Internet worm✦ Exploited UNIX networking features (remote access) and bugs in

finger and sendmail programs.

✦ Grappling hook program uploaded main worm program.

� Viruses – fragment of code embedded in a legitimate program.✦ Mainly effect microcomputer systems.

✦ Downloading viral programs from public bulletin boards orexchanging floppy disks containing an infection.

✦ Safe computing.

� Denial of Service✦ Overload the targeted computer preventing it from doing any sueful

The Morris Internet Worm

Threat Monitoring

� Check for suspicious patterns of activity – i.e., severalincorrect password attempts may signal passwordguessing.

� Audit log – records the time, user, and type of allaccesses to an object; useful for recovery from a violationand developing better security measures.

� Scan the system periodically for security holes; donewhen the computer is relatively unused.

Threat Monitoring (Cont.)

� Check for:✦ Short or easy-to-guess passwords

✦ Unauthorized set-uid programs

✦ Unauthorized programs in system directories✦ Unexpected long-running processes

✦ Improper directory protections

✦ Improper protections on system data files✦ Dangerous entries in the program search path (Trojan

horse)✦ Changes to system programs: monitor checksum values

FireWall

� A firewall is placed between trusted and untrusted hosts.

� The firewall limits network access between these twosecurity domains.

Network Security Through Domain Separation Via Firewall

Intrusion Detection

� Detect attempts to intrude into computer systems.

� Detection methods:✦ Auditing and logging.

✦ Tripwire (UNIX software that checks if certain files anddirectories have been altered – I.e. password files)

� System call monitoring

Data Structure Derived From System-Call Sequence

Encryption

� Encrypt clear text into cipher text.� Properties of good encryption technique:

✦ Relatively simple for authorized users to incrypt and decryptdata.

✦ Encryption scheme depends not on the secrecy of thealgorithm but on a parameter of the algorithm called theencryption key.

✦ Extremely difficult for an intruder to determine theencryption key.

� Data Encryption Standard substitutes characters andrearranges their order on the basis of an encryption keyprovided to authorized users via a secure mechanism.Scheme only as secure as the mechanism.

Encryption (Cont.)

� Public-key encryption based on each user having twokeys:

✦ public key – published key used to encrypt data.

✦ private key – key known only to individual user used todecrypt data.

� Must be an encryption scheme that can be made publicwithout making it easy to figure out the decryptionscheme.

✦ Efficient algorithm for testing whether or not a number isprime.

✦ No efficient algorithm is know for finding the prime factors ofa number.

Encryption Example - SSL

� SSL – Secure Socket Layer

� Cryptographic protocol that limits two computers to onlyexchange messages with each other.

� Used between web servers and browsers for securecommunication (credit card numbers)

� The server is verified with a certificate.

� Communication between each computers uses symmetrickey cryptography.

Computer Security Classifications

� U.S. Department of Defense outlines four divisions ofcomputer security: A, B, C, and D.

� D – Minimal security.� C – Provides discretionary protection through auditing.

Divided into C1 and C2. C1 identifies cooperating userswith the same level of protection. C2 allows user-levelaccess control.

� B – All the properties of C, however each object mayhave unique sensitivity labels. Divided into B1, B2, andB3.

� A – Uses formal design and verification techniques toensure security.

Windows NT Example

� Configurable security allows policies ranging from D to C2.

� Security is based on user accounts where each user has asecurity ID.

� Uses a subject model to ensure access security. A subjecttracks and manages permissions for each program that a userruns.

� Each object in Windows NT has a security attribute defined by asecurity descriptor. For example, a file has a security descriptorthat indicates the access permissions for all users.

Ch19

Design

Transcript of Ch19

Ch19 Young Freedman1

Ch19 Pancreas

Chapter 19Solutions Ch19

0205084567 ch19

Knight Ch19

Patrick Tb Ch19

Fm10e ch19

Solutions Ch19

Sayre2e ch19 images_cap

Taxincidence Ch19 New

Ch19 WebCT

Judge ch19 lecture

Ch19 Wade Chemistry

Patrick Ch19 p3

International Business CH19

ch19 Physics Solutions

Production technology Ch19

Comp SM Ch19

CH19 Springs

Ch19 (403 450)